Top
image credit: Adobe Stock

Foxit Patches Several Code Execution Vulnerabilities in PDF Reader

November 11, 2022

The feature-rich PDF reader provides broad functionality to users, including support for multimedia documents and dynamic forms via JavaScript support, which also expands the application’s attack surface.

This week, Cisco’s Talos security researchers have published information on four vulnerabilities in Foxit Reader’s JavaScript engine that could be exploited to achieve arbitrary code execution.

The issues, tracked as CVE-2022-32774, CVE-2022-38097, CVE-2022-37332 and CVE-2022-40129, have a CVSS score of 8.8 and are described as use-after-free vulnerabilities.

Read More on Security Week